<!DOCTYPE html>
<body>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
  <script src="/permissions-policy/resources/permissions-policy.js"></script>
  <script>
    "use strict";
    const same_origin_src =
      "/permissions-policy/resources/permissions-policy-payment.html";
    const cross_origin_src =
      "https://{{hosts[alt][]}}:{{ports[https][0]}}" + same_origin_src;
    const header = 'permissions policy header "payment=()"';

    test(() => {
      const supportedInstruments = [{ supportedMethods: "visa" }];
      const details = {
        total: {
          label: "Test",
          amount: { currency: "USD", value: "5.00" },
        },
      };
      assert_throws_dom("SecurityError", () => {
        new PaymentRequest(supportedInstruments, details);
      });
    }, `${header} disallows Payment Request API in top-level document.`);

    promise_test((test) => {
      return test_feature_availability({
        feature_description: "PaymentRequest()",
        test,
        src: same_origin_src,
        expect_feature_available: expect_feature_unavailable_default,
        is_promise_test: true,
      });
    }, `${header} disallows Payment Request API in same-origin iframes.`);

    promise_test((test) => {
      return test_feature_availability({
        feature_description: "PaymentRequest()",
        test,
        src: cross_origin_src,
        expect_feature_available: expect_feature_unavailable_default,
        feature_name: "payment",
        is_promise_test: true,
      });
    }, `${header} disallows Payment Request API in cross-origin iframes.`);
  </script>
</body>
